In this tutorial, I will demonstrate how to setup a Secure VPN using Wireguard on Docker using docker-compose and then we will use a Windows PC to connect to our Wireguard VPN using the Wireguard Client.

The following configurations should be changed, depending on your setup:

  • TZ - timezone
  • SERVERURL - this will be set where your client will connect to
  • SERVERPORT - this will be set in your client config (the listen port is hardcoded to 51820)
  • PEERDNS - this is the dns server that will be set in the client config (I use PiHole for DNS to block ads)
  • PEERS - this is used to create configs for your clients
  • INTERNAL_SUBNET - this is optional, but this is the subnet the connected clients will use

Start the Wireguard Server

The docker-compose.yml :

version: '3.7'

services:

  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Johannesburg
      - SERVERURL=wireguard.example.com
      - SERVERPORT=51820
      - PEERS=ruan,mobile
      - PEERDNS=192.168.0.114 
      - INTERNAL_SUBNET=10.64.1.0
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      -  ./config/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Start up wireguard using docker compose:

$ docker-compose up -d

Once wireguard has been started, you will be able to tail the logs to see the initial qr codes for your clients, but you have access to them on the config directory:

$ docker-compose logs -f wireguard

The config directory will have the config and qr codes as mentioned:

$ ls ./config/wireguard/peer_ruan
peer_ruan.conf  peer_ruan.png  privatekey-peer_ruan  publickey-peer_ruan

Install the Wireguard Client

Head over to https://www.wireguard.com/install/ and install the client of your operating system, I will be using Windows in this example to demonstrate the setup.

I have a couple of configured tunnels already, but yours should looks something like this:

image

To setup a new tunnel, from the new tunnel options select add empty tunnel:

image

Copy the content from your config directory, for demonstration I will show you how one of my peer configs looks like:

$ cat ./config/wireguard/peer_ruan/peer_ruan.conf
[Interface]
Address = 10.64.1.2
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ListenPort = 51820
DNS = 192.168.0.114

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = xxxxx.xxxxx.xxx:51820
AllowedIPs = 0.0.0.0/0

Then paste the config content and name your tunnel:

image

Connect the Wireguard VPN

Once you connected the VPN you should see something like this:

image

Now the connected client should be able to access the private network over the VPN where Wireguard is running.

Thank You

Thanks for reading, if you like my content, check out my website or follow me at @ruanbekker on Twitter.